Moved what otherwise would've been handlers to task section to reduce complexity of implementation
76
roles/bootstrap/tasks/configure_core/fail2ban.yml
Normal file
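--- /dev/null
+++ b/roles/bootstrap/tasks/configure_core/fail2ban.yml
@@ -0,0 +1,76 @@
+---
+- name: Check if path to fail2ban configuration files exists
+stat:
+path: /etc/fail2ban/jail.d
+register: fail2path
+- name: Check if path to systemd fail2ban service configuration files exists
+stat:
+path: /etc/systemd/system/fail2ban.service.d
+register: fail2serve_path
+- name: Create relevant fail2ban configuration directory
+become: yes
+become_method: sudo
+file:
+path: /etc/fail2ban/jail.d
+state: directory
+register: fail2bandir_created
+when: not fail2path.stat.exists
+- name: Create relevant fail2ban configuration directory
+become: yes
+become_method: sudo
+file:
+path: /etc/systemd/system/fail2ban.service.d
+state: directory
+register: fail2servdir_created
+when: not fail2serve_path.stat.exists
+- name: Copy protftpd jail file
+become: yes
+become_method: sudo
+copy:
+src: ftp.local
+dest: /etc/fail2ban/jail.d/ftp.local
+force: yes
+backup: yes
+when: fail2path.stat.exists
+- name: Copy sshd jail file
+become: yes
+become_method: sudo
+copy:
+src: sshd.local
+dest: /etc/fail2ban/jail.d/sshd.local
+force: yes
+backup: yes
+when: fail2path.stat.exists
+- name: Copy fail2ban modified service configuration
+become: yes
+become_method: sudo
+copy:
+src: override.conf
+dest: /etc/systemd/system/fail2ban.service.d/sshd.local
+force: yes
+backup: yes
+when: fail2serve_path.stat.exists
+- name: Reload fail2ban service
+become: yes
+become_method: sudo
+service:
+name: fail2ban
+state: reloaded
+register: fail2ban_reloaded
+- name: Start and enable fail2ban service
+become: yes
+become_method: sudo
+service:
+name: fail2ban
+state: started
+enabled: yes
+register: fail2ban_running
+when: fail2ban_reloaded
+- name: Restart fail2ban service
+become: yes
+become_method: sudo
+service:
+name: fail2ban
+state: restarted
+register: fail2ban_restarted
+when: fail2ban_reloaded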
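Review bot: The task "Copy fail2ban modified service configuration" writes `override.conf` to `/etc/systemd/system/fail2ban.service.d/sshd.local`, and systemd only reads drop-in files whose names end in `.conf`, so the override is silently ignored; the destination should be `dest: /etc/systemd/system/fail2ban.service.d/override.conf`, with a systemd daemon-reload before the service tasks. The three copy tasks are gated on `fail2path.stat.exists` / `fail2serve_path.stat.exists`, which were registered before the directories were created, so on a fresh host the directories are created but the copies are skipped and fail2ban comes up without the sshd and ftp jails until the play is run a second time. Because `file:` with `state: directory` is already idempotent, dropping both `stat` tasks and the `when:` lines on the create and copy tasks closes that gap. `when: fail2ban_reloaded` tests a registered result rather than a boolean such as `fail2ban_reloaded is changed`, so it does not appear to gate anything, and the unconditional reload is likely to fail when the service is not yet running; starting and enabling first, then restarting only when one of the copy tasks reports `changed`, would be the safer order.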